875 lines
18 KiB
PHP
875 lines
18 KiB
PHP
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
|
|
/**
|
|
* CodeIgniter
|
|
*
|
|
* An open source application development framework for PHP 4.3.2 or newer
|
|
*
|
|
* @package CodeIgniter
|
|
* @author ExpressionEngine Dev Team
|
|
* @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
|
|
* @license http://codeigniter.com/user_guide/license.html
|
|
* @link http://codeigniter.com
|
|
* @since Version 1.0
|
|
* @filesource
|
|
*/
|
|
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Validation Class
|
|
*
|
|
* @package CodeIgniter
|
|
* @subpackage Libraries
|
|
* @category Validation
|
|
* @author ExpressionEngine Dev Team
|
|
* @link http://codeigniter.com/user_guide/libraries/validation.html
|
|
*/
|
|
class CI_Validation {
|
|
|
|
var $CI;
|
|
var $error_string = '';
|
|
var $_error_array = array();
|
|
var $_rules = array();
|
|
var $_fields = array();
|
|
var $_error_messages = array();
|
|
var $_current_field = '';
|
|
var $_safe_form_data = FALSE;
|
|
var $_error_prefix = '<p>';
|
|
var $_error_suffix = '</p>';
|
|
|
|
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
*/
|
|
function CI_Validation()
|
|
{
|
|
$this->CI =& get_instance();
|
|
|
|
if (function_exists('mb_internal_encoding'))
|
|
{
|
|
mb_internal_encoding($this->CI->config->item('charset'));
|
|
}
|
|
|
|
log_message('debug', "Validation Class Initialized");
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Fields
|
|
*
|
|
* This function takes an array of field names as input
|
|
* and generates class variables with the same name, which will
|
|
* either be blank or contain the $_POST value corresponding to it
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return void
|
|
*/
|
|
function set_fields($data = '', $field = '')
|
|
{
|
|
if ($data == '')
|
|
{
|
|
if (count($this->_fields) == 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if ( ! is_array($data))
|
|
{
|
|
$data = array($data => $field);
|
|
}
|
|
|
|
if (count($data) > 0)
|
|
{
|
|
$this->_fields = $data;
|
|
}
|
|
}
|
|
|
|
foreach($this->_fields as $key => $val)
|
|
{
|
|
$this->$key = ( ! isset($_POST[$key])) ? '' : $this->prep_for_form($_POST[$key]);
|
|
|
|
$error = $key.'_error';
|
|
if ( ! isset($this->$error))
|
|
{
|
|
$this->$error = '';
|
|
}
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Rules
|
|
*
|
|
* This function takes an array of field names and validation
|
|
* rules as input ad simply stores is for use later.
|
|
*
|
|
* @access public
|
|
* @param mixed
|
|
* @param string
|
|
* @return void
|
|
*/
|
|
function set_rules($data, $rules = '')
|
|
{
|
|
if ( ! is_array($data))
|
|
{
|
|
if ($rules == '')
|
|
return;
|
|
|
|
$data = array($data => $rules);
|
|
}
|
|
|
|
foreach ($data as $key => $val)
|
|
{
|
|
$this->_rules[$key] = $val;
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Error Message
|
|
*
|
|
* Lets users set their own error messages on the fly. Note: The key
|
|
* name has to match the function name that it corresponds to.
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function set_message($lang, $val = '')
|
|
{
|
|
if ( ! is_array($lang))
|
|
{
|
|
$lang = array($lang => $val);
|
|
}
|
|
|
|
$this->_error_messages = array_merge($this->_error_messages, $lang);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set The Error Delimiter
|
|
*
|
|
* Permits a prefix/suffix to be added to each error message
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return void
|
|
*/
|
|
function set_error_delimiters($prefix = '<p>', $suffix = '</p>')
|
|
{
|
|
$this->_error_prefix = $prefix;
|
|
$this->_error_suffix = $suffix;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Run the Validator
|
|
*
|
|
* This function does all the work.
|
|
*
|
|
* @access public
|
|
* @return bool
|
|
*/
|
|
function run()
|
|
{
|
|
// Do we even have any data to process? Mm?
|
|
if (count($_POST) == 0 OR count($this->_rules) == 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
// Load the language file containing error messages
|
|
$this->CI->lang->load('validation');
|
|
|
|
// Cycle through the rules and test for errors
|
|
foreach ($this->_rules as $field => $rules)
|
|
{
|
|
//Explode out the rules!
|
|
$ex = explode('|', $rules);
|
|
|
|
// Is the field required? If not, if the field is blank we'll move on to the next test
|
|
if ( ! in_array('required', $ex, TRUE))
|
|
{
|
|
if ( ! isset($_POST[$field]) OR $_POST[$field] == '')
|
|
{
|
|
continue;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Are we dealing with an "isset" rule?
|
|
*
|
|
* Before going further, we'll see if one of the rules
|
|
* is to check whether the item is set (typically this
|
|
* applies only to checkboxes). If so, we'll
|
|
* test for it here since there's not reason to go
|
|
* further
|
|
*/
|
|
if ( ! isset($_POST[$field]))
|
|
{
|
|
if (in_array('isset', $ex, TRUE) OR in_array('required', $ex))
|
|
{
|
|
if ( ! isset($this->_error_messages['isset']))
|
|
{
|
|
if (FALSE === ($line = $this->CI->lang->line('isset')))
|
|
{
|
|
$line = 'The field was not set';
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$line = $this->_error_messages['isset'];
|
|
}
|
|
|
|
// Build the error message
|
|
$mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
|
|
$message = sprintf($line, $mfield);
|
|
|
|
// Set the error variable. Example: $this->username_error
|
|
$error = $field.'_error';
|
|
$this->$error = $this->_error_prefix.$message.$this->_error_suffix;
|
|
$this->_error_array[] = $message;
|
|
}
|
|
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
* Set the current field
|
|
*
|
|
* The various prepping functions need to know the
|
|
* current field name so they can do this:
|
|
*
|
|
* $_POST[$this->_current_field] == 'bla bla';
|
|
*/
|
|
$this->_current_field = $field;
|
|
|
|
// Cycle through the rules!
|
|
foreach ($ex As $rule)
|
|
{
|
|
// Is the rule a callback?
|
|
$callback = FALSE;
|
|
if (substr($rule, 0, 9) == 'callback_')
|
|
{
|
|
$rule = substr($rule, 9);
|
|
$callback = TRUE;
|
|
}
|
|
|
|
// Strip the parameter (if exists) from the rule
|
|
// Rules can contain a parameter: max_length[5]
|
|
$param = FALSE;
|
|
if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match))
|
|
{
|
|
$rule = $match[1];
|
|
$param = $match[2];
|
|
}
|
|
|
|
// Call the function that corresponds to the rule
|
|
if ($callback === TRUE)
|
|
{
|
|
if ( ! method_exists($this->CI, $rule))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
$result = $this->CI->$rule($_POST[$field], $param);
|
|
|
|
// If the field isn't required and we just processed a callback we'll move on...
|
|
if ( ! in_array('required', $ex, TRUE) AND $result !== FALSE)
|
|
{
|
|
continue 2;
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
if ( ! method_exists($this, $rule))
|
|
{
|
|
/*
|
|
* Run the native PHP function if called for
|
|
*
|
|
* If our own wrapper function doesn't exist we see
|
|
* if a native PHP function does. Users can use
|
|
* any native PHP function call that has one param.
|
|
*/
|
|
if (function_exists($rule))
|
|
{
|
|
$_POST[$field] = $rule($_POST[$field]);
|
|
$this->$field = $_POST[$field];
|
|
}
|
|
|
|
continue;
|
|
}
|
|
|
|
$result = $this->$rule($_POST[$field], $param);
|
|
}
|
|
|
|
// Did the rule test negatively? If so, grab the error.
|
|
if ($result === FALSE)
|
|
{
|
|
if ( ! isset($this->_error_messages[$rule]))
|
|
{
|
|
if (FALSE === ($line = $this->CI->lang->line($rule)))
|
|
{
|
|
$line = 'Unable to access an error message corresponding to your field name.';
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$line = $this->_error_messages[$rule];
|
|
}
|
|
|
|
// Build the error message
|
|
$mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
|
|
$mparam = ( ! isset($this->_fields[$param])) ? $param : $this->_fields[$param];
|
|
$message = sprintf($line, $mfield, $mparam);
|
|
|
|
// Set the error variable. Example: $this->username_error
|
|
$error = $field.'_error';
|
|
$this->$error = $this->_error_prefix.$message.$this->_error_suffix;
|
|
|
|
// Add the error to the error array
|
|
$this->_error_array[] = $message;
|
|
continue 2;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
$total_errors = count($this->_error_array);
|
|
|
|
/*
|
|
* Recompile the class variables
|
|
*
|
|
* If any prepping functions were called the $_POST data
|
|
* might now be different then the corresponding class
|
|
* variables so we'll set them anew.
|
|
*/
|
|
if ($total_errors > 0)
|
|
{
|
|
$this->_safe_form_data = TRUE;
|
|
}
|
|
|
|
$this->set_fields();
|
|
|
|
// Did we end up with any errors?
|
|
if ($total_errors == 0)
|
|
{
|
|
return TRUE;
|
|
}
|
|
|
|
// Generate the error string
|
|
foreach ($this->_error_array as $val)
|
|
{
|
|
$this->error_string .= $this->_error_prefix.$val.$this->_error_suffix."\n";
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Required
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function required($str)
|
|
{
|
|
if ( ! is_array($str))
|
|
{
|
|
return (trim($str) == '') ? FALSE : TRUE;
|
|
}
|
|
else
|
|
{
|
|
return ( ! empty($str));
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Match one field to another
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param field
|
|
* @return bool
|
|
*/
|
|
function matches($str, $field)
|
|
{
|
|
if ( ! isset($_POST[$field]))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
return ($str !== $_POST[$field]) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Minimum Length
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param value
|
|
* @return bool
|
|
*/
|
|
function min_length($str, $val)
|
|
{
|
|
if (preg_match("/[^0-9]/", $val))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
if (function_exists('mb_strlen'))
|
|
{
|
|
return (mb_strlen($str) < $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
return (strlen($str) < $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Max Length
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param value
|
|
* @return bool
|
|
*/
|
|
function max_length($str, $val)
|
|
{
|
|
if (preg_match("/[^0-9]/", $val))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
if (function_exists('mb_strlen'))
|
|
{
|
|
return (mb_strlen($str) > $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
return (strlen($str) > $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Exact Length
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param value
|
|
* @return bool
|
|
*/
|
|
function exact_length($str, $val)
|
|
{
|
|
if (preg_match("/[^0-9]/", $val))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
if (function_exists('mb_strlen'))
|
|
{
|
|
return (mb_strlen($str) != $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
return (strlen($str) != $val) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Valid Email
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function valid_email($str)
|
|
{
|
|
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Valid Emails
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function valid_emails($str)
|
|
{
|
|
if (strpos($str, ',') === FALSE)
|
|
{
|
|
return $this->valid_email(trim($str));
|
|
}
|
|
|
|
foreach(explode(',', $str) as $email)
|
|
{
|
|
if (trim($email) != '' && $this->valid_email(trim($email)) === FALSE)
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Validate IP Address
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function valid_ip($ip)
|
|
{
|
|
return $this->CI->input->valid_ip($ip);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Alpha
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function alpha($str)
|
|
{
|
|
return ( ! preg_match("/^([a-z])+$/i", $str)) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Alpha-numeric
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function alpha_numeric($str)
|
|
{
|
|
return ( ! preg_match("/^([a-z0-9])+$/i", $str)) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Alpha-numeric with underscores and dashes
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function alpha_dash($str)
|
|
{
|
|
return ( ! preg_match("/^([-a-z0-9_-])+$/i", $str)) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Numeric
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function numeric($str)
|
|
{
|
|
return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str);
|
|
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Is Numeric
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function is_numeric($str)
|
|
{
|
|
return ( ! is_numeric($str)) ? FALSE : TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Integer
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function integer($str)
|
|
{
|
|
return (bool)preg_match( '/^[\-+]?[0-9]+$/', $str);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Is a Natural number (0,1,2,3, etc.)
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function is_natural($str)
|
|
{
|
|
return (bool)preg_match( '/^[0-9]+$/', $str);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Is a Natural number, but not a zero (1,2,3, etc.)
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function is_natural_no_zero($str)
|
|
{
|
|
if ( ! preg_match( '/^[0-9]+$/', $str))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
if ($str == 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Valid Base64
|
|
*
|
|
* Tests a string for characters outside of the Base64 alphabet
|
|
* as defined by RFC 2045 http://www.faqs.org/rfcs/rfc2045
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return bool
|
|
*/
|
|
function valid_base64($str)
|
|
{
|
|
return (bool) ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Select
|
|
*
|
|
* Enables pull-down lists to be set to the value the user
|
|
* selected in the event of an error
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function set_select($field = '', $value = '')
|
|
{
|
|
if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
|
|
{
|
|
return '';
|
|
}
|
|
|
|
if ($_POST[$field] == $value)
|
|
{
|
|
return ' selected="selected"';
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Radio
|
|
*
|
|
* Enables radio buttons to be set to the value the user
|
|
* selected in the event of an error
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function set_radio($field = '', $value = '')
|
|
{
|
|
if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
|
|
{
|
|
return '';
|
|
}
|
|
|
|
if ($_POST[$field] == $value)
|
|
{
|
|
return ' checked="checked"';
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set Checkbox
|
|
*
|
|
* Enables checkboxes to be set to the value the user
|
|
* selected in the event of an error
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function set_checkbox($field = '', $value = '')
|
|
{
|
|
if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
|
|
{
|
|
return '';
|
|
}
|
|
|
|
if ($_POST[$field] == $value)
|
|
{
|
|
return ' checked="checked"';
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Prep data for form
|
|
*
|
|
* This function allows HTML to be safely shown in a form.
|
|
* Special characters are converted.
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function prep_for_form($data = '')
|
|
{
|
|
if (is_array($data))
|
|
{
|
|
foreach ($data as $key => $val)
|
|
{
|
|
$data[$key] = $this->prep_for_form($val);
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
|
|
if ($this->_safe_form_data == FALSE OR $data == '')
|
|
{
|
|
return $data;
|
|
}
|
|
|
|
return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data));
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Prep URL
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function prep_url($str = '')
|
|
{
|
|
if ($str == 'http://' OR $str == '')
|
|
{
|
|
$_POST[$this->_current_field] = '';
|
|
return;
|
|
}
|
|
|
|
if (substr($str, 0, 7) != 'http://' && substr($str, 0, 8) != 'https://')
|
|
{
|
|
$str = 'http://'.$str;
|
|
}
|
|
|
|
$_POST[$this->_current_field] = $str;
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Strip Image Tags
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function strip_image_tags($str)
|
|
{
|
|
$_POST[$this->_current_field] = $this->CI->input->strip_image_tags($str);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* XSS Clean
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function xss_clean($str)
|
|
{
|
|
$_POST[$this->_current_field] = $this->CI->input->xss_clean($str);
|
|
}
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
/**
|
|
* Convert PHP tags to entities
|
|
*
|
|
* @access public
|
|
* @param string
|
|
* @return string
|
|
*/
|
|
function encode_php_tags($str)
|
|
{
|
|
$_POST[$this->_current_field] = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str);
|
|
}
|
|
|
|
}
|
|
// END Validation Class
|
|
|
|
/* End of file Validation.php */
|
|
/* Location: ./system/libraries/Validation.php */ |